Fun fact - the "border zone" in which your 4th amendment rights are suspended and you are subject to search, is 100 miles wide and overlaps where the majority of Americans live and work
> Searches within the 100-mile extended border zone, and outside of the immediate border-stop location, must meet three criteria: a person must have recently crossed a border; an agent should know that the object of a search hasn’t changed; and that “reasonable suspicion” of a criminal activity must exist, says the CRS
Every time I see this map (which, AFAIK, is a visualization by the ACLU and not based on an official government publication) I wonder why Chicago and the coastline of Lake Michigan is included. The border with Canada runs diagonally down the length of Lake Superior, clears the Straits of Mackinac by at least 40 miles, and then continues southeast along Lake Huron to Sarnia and Detroit.
The entirety of Lake Michigan is within the borders of the US, so while this entire "100-mile border zone" business is bizarre enough as it is, it's truly disingenuous to include the lower Lake Michigan coastline. It makes me wonder if this is an interpretational liberty taken solely by the ACLU, or if the government's demonstrated behavior truly justifies what is shown on the map.
and worse, it technically includes all ports. which could basically mean radii around every international airport.
when i first learned about this, I scared my lawyer girlfriend about it and she helped me look into the actual court cases. they have been somewhat difficult to hold up. usually because LO abuses the rules by not following the three terms listed above. and it still takes getting all the way to Supreme Court which is a massive drain on resources for those typically affected by this.
What? That doesn't make any sense. Constitutional rights don't apply anywhere outside the border as far as I know. In this context, the area can only extend inside. Or do I misunderstand your comment?
I always knew that the US considered a 100 mile radius outside of our borders (specifically marine regions) as part of our borders and that it's basically de-facto "US territory". This is only a dim memory from reading about various stories from the "drug war."
The thing is, the bill of rights doesnt say anything about that. It says "the government shall not", and it seems to me any sane interpretation would say it applies wherever the government is active and claiming jurisdiction.
I suggest mentioning in the title that it concerns the US-border, I travelled across a lot of international borders, that didn't care. Only some international borders are a problem, one of these, the US one.
I know of companies that do not allow employees to bring work devices into China. That's probably a somewhat different issue of industrial espionage, though.
We're fortunate to live in a timeframe where this sort of bullshit has been unusual up until now for most people.
Ask a US citizen of Pakisanti descent about travel to India sometime. International conflict gets taken out on poor saps trying to travel all of the time. Sometimes it's petty chickenshit, sometimes real.
Most of the information on Android phones is stored on the Cloud. Someone can factory reset their phone before crossing the border, create a new empty profile* just to show it to customs and, once they are in a "safe zone", factory-reset it again and load the good profile that will automatically download the user data and apps.
* Just to make the customs agents happy, I would fill the history of the fake profile with porn and pictures of donuts.
What if doing so requires a key stored on a computer at home? Or if the system has a duress password that restores plausible-seeming crap? Or if you did just factory-wipe it with no cloud-based backup? You can keep going back and forth with "what if" scenarios, but I'm not sure what the point would be.
It does, but that wasn't the point I was trying to make.
> The point is its all moot solving this at a technological level.
If I'm reading that right, it's closer to what I was thinking when I wrote my comment. We can come up with a bunch of clever solutions, someone else can shoot them down with plausible scenarios, but regardless, some asshole at the border can still say "I don't believe your phone's blank, and I don't believe you don't have a Twitter/Facebook/etc account. So, you'll need to restore your phone and give us your social media passwords to get out of here"
"untravel mode" wouldn't be an option on the phone.
Once you get home and want to untravel, you plug your phone in to your desktop and sign in to a cloud service that "untravels" your phone, restoring to the state it was in.
I am reminded of a check-box proforma that circulated in the 1990s, pointing-out the flaws any time someone proposed a 'clever' solution to spam:
'[X] You are proposing a technical solution to a non-technical problem'
The border agent of ${COUNTRY} doesn't care if you wiped your phone accidentally or deliberately; his flowchart says 'access subject's chat history on phone'. If that's not possible, goto 'reject'.
The border agent of ${COUNTRY} cannot reasonably deny you access because you aren't in possession of a smartphone with personal data on it. What they can do is get you in trouble for deliberately wiping said personal data after they ask for it, but it's perfectly legal to choose to travel without carrying your personal data.
admax88q said they wanted a mode where it wipes your phone. That mode is called "factory reset".
If what you want is a mode that wipes your phone only when a CBP agent looks at it, as other people have stated in the comments here, you'd probably be committing some sort of crime (e.g. destruction of evidence or lying to a federal agent).
The only truly safe way to cross is to not actually have your data when you cross, not to try and throw it away once you get singled out by agents.
iCloud backup. It's pretty darn easy to restore an iPhone after factory reset (as long as you have a decent internet connection and are willing to wait for however long it takes to reinstall all your apps and download all your data from the backup).
If you aren't planning on going to the US or to whichever other countries might try something similar, then I suppose it's a moot point for you, and you don't need to worry about your phone at all. But if your home government started treating you unreasonably, you might also be interested in having a discussion about possible reactions to the new policies, right?
Maybe, but I don't know when I might need it in the future, and when the time comes it's already too late. That is why I'm interested in this topic now. That is also why I'm not dismissing the idea because of some possible charges that might be laid against me by some possible border control person some time in the future.
I have nothing to hide personally. I'm more concerned about business secrets and SSH keys.
You do. And even if you don't, you should hide it anyway. Please stop using that sentence at all.
“Never say anything in an electronic message that you wouldn’t want appearing, and attributed to you, in tomorrow morning’s front-page headline in the New York Times.” — Colonel David Russell, former head of DARPA’s Information Processing Techniques Office
> You probably shouldn't assume you know people you've never met.
Good advice, in general. I've never met anyone that didn't have something to hide from someone, though. But you're making an even stronger claim: That nothing that you've said or done will ever be something that you'd want to keep private. When data gets out, you don't get to call it back, even when circumstances in the world change.
I'm well aware of that. There's nothing on my phone I'd be ashamed to have exposed. Like I said, SSH keys are a concern.
In fact, your country's president probably wouldn't care too much if the stuff on his phone was exposed. He seems to be more than happy to make public all his thoughts and opinions.
"There's nothing on my phone I'd be ashamed to have exposed."
That's the wrong question, though. (Despite the quote above.) The question is, do you have anything on your phone that someday a government may decide is a reason to do something bad to you?
The answer is always yes for two reasons: One, you can't know the future and what it will hold, for instance governments can make laws explicitly for the purpose of "getting" people, and two, the possible set of future governments pretty much has no safe behavior intersection.
I thought the point of your earlier comment was that you wanted a way to load different profiles. Otherwise, factory reset seems like a legitimate solution.
> I have nothing to hide personally. I'm more concerned about business secrets and SSH keys.
If you have nothing to hide you should have nothing to fear. Because you know that US is never involved in industrial espionage and Snowden NSA leaks have allegedly never happened.
If you are asked to produce the contents of your property and provide access to a subset of that property, that will be interpreted as either hindering official action or lying to a federal agent. Lying to a federal agent is a felony.
From the customs agent and legal point of view, there is no distinction between hiding a secret compartment in your luggage and a device.
> there is no distinction between hiding a secret compartment in your luggage and a device
Is it really illegal to have a secret compartment in your luggage? I mean, I have no doubt it's highly risky and that they will make the case you've done something wrong, but have you inherently done something illegal by merely having a secret compartment? Maybe only if you've explicitly represented that there are no other compartments? Or you've got contraband in there, or something else they've explicitly inquired about that you claimed you don't have? (But that's more about lying or existing laws, than the compartment itself.)
If you turned over your phone for inspection and could see they were looking in an app you don't use, are you committing a felony to not volunteer that they should look in the other browser for your real history or whatever? If having two profiles and only providing one is illegal, what about having two phones? (like your "real" one in your luggage, turned off.) Do I have to volunteer that when they asked for "my phone" that I actually have multiple? What if I kept the "real" one at home -- do I have to tell them the one they're looking at is only a subset of my property and doesn't represent what they probably actually meant when they asked for "my phone"?
I'm not entirely sure where "the lines" are here, but perhaps the passcode is part of it. Once they require that, they've crossed from dealing with physical items physically crossing the border, passing into things that are in your mind or physically located elsewhere. If they can require a lockscreen code, there's not really any reason they can't require every other password since those are "secret compartments" accessible from your phone, and if just having an undisclosed compartment really is illegal, I guess you'd better volunteer an exhaustive list of all your accounts...
If you have a desire to do some civil disobedience re some law that you have a beef with, the customs area of a port of entry is a really bad place to start.
In many cases, the customs people have discretion to not admit you for a variety of reasons. There's a tension between the process around physical goods and digital data that isn't clearly understood by the law. Until the law is more firmly established, you're better off not carrying stuff you care about.
> How have I hindered official action or lied to a federal agent by providing one of my passwords?
The same way that your child disobeyed you when you say "Go to bed", and they lay in yours and tell you "You didn't say which bed".
Clearly, the border agent wasn't asking for the password to your alternate, fake part of the phone, and they aren't likely to be happy if they figure out that you followed your own interpretation of the letter of the order, rather than an interpretation that conforms to the spirit of the order.
I'm not implying that people should behave in any particular way when asked to provide information to LEOs, only that phones should behave in a certain way when provided with a password. This might provide a level of security to a journalist who has been abducted, for example.
I'm assuming they're referring to the serious felony of lying to border police that you've fully unlocked your phone as requested when in reality you're presenting an artificially limited profile.
I don't know what you mean by "fully unlocked". Is there a legal definition for this? I made available to you more than just the lock screen software of my electronic device by entering a passcode, what more does "fully unlocked" entail (Please cite sources)?
An argument like this is fun on the internet, and it might (eventually) help you out in the courtroom. Let us know how it works out for you if the border guard decides that you're trying to make a fool out of him.
The parent poster was talking out their rear. There is no way utilizing such a tool, if it were available, is felonious in nature whatsoever.
Having multiple profiles per device and accessible in this manner would be preferable for a number of reasons. Least of which is not wanting anyone else access to your own sensitive information that they have no business looking at to begin with.
Have a mode that allows users to selectively designate and delete sensitive data.
Everyone has the feels over this border stuff and HN is collectively spewing the same inane questions repeatedly, but the reality is that people are more likely to get into trouble more often when spouses, employers, teachers, family, etc get to see things that weren't intended to be seen.
We have airplane mode to shut off phone radios, why not a purge mode to whack marked data. On iOS, the most rudimentary level of this sort of protection is available with MDM -- you can configure a device to erase managed data when it leaves a building or campus. The device is still active and manageable, but the data is gone until it becomes compliant.
My "only half joking" premonition is that in a few years you're going to need a permit to travel outside the US. And I don't mean a passport. I mean an application that is either approved or denied each time you want to go somewhere. And if you dont stick to the approved itinerary (or you dont come back), feds come bring you back and charge you as a felon.
Each one of these border issues (phone passwords, checkpoints inside the US, travel bans) increases the total law enforcement "resistance" we face when traveling internationally. As the resistance increases, at what point does it become an "open circuit" ?
> My "only half joking" premonition is that in a few years you're going to need a permit to travel outside the US.
Just like during communism in Poland. My parents told me such stories. I think they wouldn't believe me if I said them that it looks like it will be implemented again in USA.
Intelligence agencies aren't stupid. Evidence of attempts to thwart or subvert intelligence gathering is itself suspicious. If the feds seize what looks to them like a burner phone, that may be grounds for them to detain you without trial indefinitely; and may itself become a crime.
That's highly unlikely. How are you ever going to prove that the person just doesn't want to lose their main phone or risk having their information stolen by thieves? It's virtually impossible to get a conviction on circumstantial evidence. Now if you already have a reputation as a suspicious character in your own right, then being found with a burner phone might exacerbate that, but your argument basically depends on the judicial system as we know it ceasing to exist.
What is the felony charge? I keep seeing the word "felony" bandied about in this thread. I get it, it's a scary, attention-getting word. Is it really a charge with a minimum 1-year sentence?
18 U.S. Code § 1001 - Statements or entries generally
Current through Pub. L. 114-38. (See Public Laws for the current Congress.)
(a) Except as otherwise provided in this section, whoever, in any matter
within the jurisdiction of the executive, legislative, or judicial branch
of the Government of the United States, knowingly and willfully—
(1) falsifies, conceals, or covers up by any trick, scheme, or device a material fact;
(2) makes any materially false, fictitious, or fraudulent statement or representation; or
(3) makes or uses any false writing or document knowing the same to
contain any materially false, fictitious, or fraudulent statement or entry;
shall be fined under this title, imprisoned not more than 5 years or, if
the offense involves international or domestic terrorism (as defined in
section 2331), imprisoned not more than 8 years, or both. If the matter
relates to an offense under chapter 109A, 109B, 110, or 117, or section
1591, then the term of imprisonment imposed under this section shall be
not more than 8 years.
Option 2: If you're at the US border and a US citizen, "Sir, I'm an American citizen and just want want to get home" -- citizens can't be blocked from re-entering at the border.
Option 1, why did you bring decoys? You should probably sit here in this cell for a bit while we work out what the fuck you're doing.
Option 2, they can't stop you from entering but they can make you enter directly into a jail cell, or generally make your life miserable. See the owner of cock.li, who had all of his electronics seized twice.
I've been party to discussions like this, I know how it goes. Once you're shoved in a small room indefinitely, all of your possessions and shoes taken so you don't kill yourself, and had questions dumped on you, a lot of these cute actions people are suggesting are pretty ridiculous. A seriously stupid move would be to try something like erasing your data, or trying to mislead the offers would simple prolong the experience. You get that treatment even if you haven't done anything wrong, god knows what happens if you have.
Citizens may, indeed, not be barred from re-entering, but there's absolutely nothing, anywhere that says we can't be made to wait unconscionably long before entry, or that we can be allowed to re-enter without our devices.
That constitutes de facto detention and yes, there's absolutely something that governs it.
Unfortunately ICE/CBP has policies [1] in place to require the phone's password that they believe are legitimate per 8 USC § 1357(a) (3). It's likely that only a court ruling weighing the policy regarding this statute against the bill of rights would make them change.
Define "blocked". Because Sidd Bikkannavar's recent experience tells a different story[0].
"The document given to Bikkannavar listed a series of consequences for failure to offer information that would allow CBP to copy the contents of the device. “I didn’t really want to explore all those consequences,” he says. “It mentioned detention and seizure.”"
You may be subject to an inspection for a variety of reasons, some of which include: [...] you have been selected for a random search."
You’re receiving this sheet because your electronic device(s) has been detained for further
examination, which may include copying.
CBP may retain documents or information relating to immigration, customs, and other enforcement matters only if such retention is consistent with the privacy and data protection standards of the system in which such information is retained. Otherwise, if after reviewing the information, there exists no probable cause to seize it, CBP will not retain any copies.
Tech bro citizens need to intentionally travel in order to step up and volunteer to say "No" to all entreaties for their data. They have money for lawyers, and PTO for time.
>citizens can't be blocked from re-entering at the border.
Well, sort of. They have to let you in, but you can be held more or less indefinitely if you're suspected of committing a crime, or not complying with the border agent.
"Okay, then please give me your Facebook and Twitter usernames and passwords."
If you lie, and then they do a search and find you, then you're going to be in bigger trouble.
I don't know those passwords because I use a password management solution allowing me to use very strong gobbledygook passwords. Access to my password management solution is bio-locked on a device I don't have presently.
I don't think it's all that suspicious. For example one might reasonably say something like this:
"My regular phone is SIM locked and my plan doesn't have international roaming, so it's useless to carry it. I bought a cheap unlocked phone so I could get a SIM card at my destination, because I only use it when traveling."
I have a prepaid plan that only works in the US anyway.
I never bring my US phone on international travel, because it just won't work. Instead, I carry a cheap Chinese GSM phone that's wiped before every trip and preloaded with some music and entertainment videos (TV Shows, etc.)
I buy the sim-card at my destination and throw it away when I go back to the States.
I'm not sure this solves anything, but then again, I don't work for a company that makes me required to be able to access sensitive data from any point in the world. YMMV.
This might have been suggested before, but I think it's novel enough to repeat:
You should be able to create two passwords for all devices. One, your password, would allow you to use the device normally, the other, your lastword, would start a silent erasure of the device. The device could even present a fake successful authentication, like dumping you to some fake desktop, while it erases your data.
While in this case it would not really benefit someone in situations like US border crossings who have almost no rights, I think it would be very effective at discouraging attempts to force people to divulge their passwords, as the person entering the lastword would effectively be informing the device that it was under attack. With something like this I would think that questioning people for their passwords would be pointless.
They don't need to know you have evidence. All they need to know is that you deliberately caused them to erase your device under the guise of unlocking it. Which means your device could have had evidence, and now you've made it impossible to prove that it didn't.
IANAL, but I don't think so. They don't have to prove that the data you just wiped contained evidence of wrongdoing, they just have to prove that you wiped the data after they asked for it. That's kind of the point of "destruction of evidence". If they already knew the contents of the data, they wouldn't actually need it, now would they?
There are lots of situations now where using such a duress password would be a crime.
If it became commonplace, providing such a password to law enforcement would likely be criminalized.
The simpler way to deal with it that doesn't involve the potential of breaking laws is to carry a travel device and straightforwardly identify it as such if asked. Or don't carry any device at all.
With a laptop, this seems trivial: just create a second user in the system with some data (so it does not look empty). Then create a login script that deletes the data of you primary user and deletes itself. Nobody would ever realize what happened (except with forensic tools).
1/ I legitimately do not know a lot of my usernames and passwords. I sign up with a unique email that includes the name of the site (I'm not particularly religious about the format of this and usually end up checking previous email to figure it out). Passwords are saved in Chrome and I mostly don't remember them. I'm sure I am not unique. Where would one stand with this scenario?
2/ Wherever I can, I use a U2F device as a second factor. Could one be compelled to provide this along with the passwords (providing I can remember them)? Where would one stand if the key was unavailable - i.e. lost/left at home? Assuming they have a PC nearby for checking your social media accounts, I'd very much doubt it had it's USB ports enabled so, even if I did provide it, I would suggest they probably couldn't use it. Is there any documented precedent for how this is handled?
> Since most of our private data is stored in the cloud — and not on individual devices — you could also reset your phone to its factory settings [...] Then if you’re asked to hand it over, there won’t be any personal data on your phone
This makes me wonder: is it true? Is the data truly unrecoverable if you factory-reset your phone? I doubt so. But maybe there's some special tool to truly wipe a device (say like the equivalent of DBAN)
It's not a "guess". The last Android release that lacked support for block-device-level encryption was KitKat, which shipped in 2013. Any device being advertised with the "Android" trademark (to be fair: AOSP-based clone OSes like Amazon's have been slower to evolve) over the last two years has that support.
Please don't hijack an important security discussion to engage in meaningless platform flamage. Users with Android phones have this available and they should enable it, not be told that they need to "guess".
Also the parent post was talking about usage, not availability of encryption. So while recent Android versions most certainly offer encryption, it might not be enabled. iOS encrypted by default, as it should be.
I frequently see people with KitKat devices. Just because they aren't being sold by big parties now doesn't mean people don't have them, I can't make a global statement about Android devices the same I can about iOS ones.
I have some questions actually. Is it something you need to enable on Android? I seem to understand from the comment above yours that iOS has this enabled by default. If so, how do you actually enable it?
Yes, it's impossible to disable the disk encryption on iOS. If you don't set a passcode, the disk is still encrypted (but only with a per device key), this prevents recovery of data after an erase.
On most recent phones, the system is encrypted by default and a factory reset erases the keys, which does make it unrecoverable (unless the key is elsewhere, which I haven't heard of).
Definitely unrecoverable. The whole point of the feature is to make it impossible to recover the data once the key is erased, so you can be sure they're not storing a backup anywhere as that would defeat the point.
I'm interested to see how Apple will react to this, given their history with the FBI. Right now, you can connect your iPhone to a computer and get all the information off it - doesn't matter if you are iTunes or Cellebrite. It'd be good to have a permanent way to disable this ability in the future, so that your phone data cannot be siphoned out, even if you provide the PIN. Of course, that's not the only way for data to be extracted, but all other options would be considerably slower and less practical.
Apparently there already is. It's called Pair Locking, and it's something you can do with Apple's Configurator software. Forensic data dumpers use the same functionality that iTunes uses to talk to the phone, which uses a process called "pairing", and Pair Locking makes it so the device refuses to establish any new pairs.
"And you can bet that countries like China and Russia aren’t far behind" - I am a Russian citizen and I cross the border of Russia very frequently and I cannot agree with the statement. The worse thing I've been asked about was "what is the goal of your trip". Getting your phone on the border of Russia is something impossible, it's just unimaginable. I've never been asked to show anything except for my passport. At least now and for the time before this moment.
How sad that by now it's far easier to simply mail your stuff to yourself, pick it up on arrival to destination, and mail it back to your house before departing. I am beginning to hate my country so bad I can't wait to get out. It feels nothing like the country I grew up in.
In this age of digital instant copy, Facebook has made a lot of things the norm. I watch TV shows and cyber stalking is seen as normal.
A good friend of mine was blackmailed by her boyfriend that her sensitive pictures would be released on the Internet if she didn't return his calls. It was the first time she realized that what was considered silly can really be very serious. She deleted her Facebook and Twitter account.
I really want to see a big hack, sort of a global financial crisis level on the surveillance govt is collecting for people to realize this shit can really fuck society up.
If your rights are suspended at the border, then whose rule of law does apply? Clearly not the US, then would it be the neighboring country like Canada? Or is it some sort of no mans land? With more and more of these stories bringing up the lack of 4th and 5th Amendment rights, I'm becoming curious as to what can legally happen at the border. How would common crimes be handled in this area?
Once customs and border patrol is holding you is there any way to back out? Could you say something like "Uh... I think I'm just not going to enter right now."?
(then back up your data, ship the computer device with an insurance policy, and give the border crossing another shot)
(IANAL) If you're a US citizen, indefinite detainment without cause is unconstitutional: they must release you eventually; you also (provided you have your passport/can prove citizenship) have a right to enter your country. Further, if they try to detain you indefinitely illegally, you have the right to a writ of habeas corpus — a legal challenge that your detainment or jailing is illegal (your jailor must go before the court and show cause that he/she has the right to hold you). (Though, if you are in this position, you may need someone to file it on your behalf.) Again, I'm only asserting this in the specific situation of a US citizen attempting to enter the US.
My understanding is that they are permitted to search you, for the narrow purpose of border security. (I.e., the search here is not a violation of fourth amendment rights.) But I don't see how they can force you to divulge your password. You might not get the phone back, though, and they'd likely make your life very difficult; it's probably better to not mess around with them, and plan ahead. Specifically, I don't think leaving and trying again is ever an option, and wouldn't look good to the officer.
You can. You have the right to withdraw the border crossing submission which is what you effectively do when you try to cross the border. I once was denied entry to the US and the CBP officer offered me to make it as I'm withdrawing my border crossing application in order to make the consequences less severe.
If you have a Nexus Android phone, just change to guest mode or add another user. It's a seldom used feature and limits what people can see or do with your primary account - inspectors are unlikely to know as it's fairly low-key when users are swapped
Thanks, that is good to know. I wish there was something as easy as the iTunes backup for iPhones. There are Android apps that claim to do a more thorough job but I haven't tried them.
Titanium backup for a rooted device works great. If you have access to recovery you can also do a Nandroid backup which gives you 100% restore capability.
For non rooted this seems very tricky, that's why I asked. Most likely you will spend hours getting your phone to work again.
OK, those of us who know better travel without phones, what about people who don't know better but have received information from me? The data about me on their phone cannot be protected by me.
They may choose to detain you anyway, and force you to give them passwords to various accounts manually. But there’s no easy way for them to know which services you use and which services you don’t use, or whether you have multiple accounts.
Well ... two can play that game
"any matter within the jurisdiction" of the federal government of the United States and since you are not in that jurisdiction this does not seem to appply :)
It would be nice if there were a feature built in to phones to facilitate this. Like, on the lock screen, an emergency wipe button that runs a procedure you specify (log you out of everything, obfuscate which services you subscribe to, etc) and this way as you're going through customs, you can gauge your risk and at any point you feel uncomfortable, you discreetly click your button before smoothly handing over your phone and password with a warm smile.
This suggestion comes up in every single thread. Consider that when such an obvious gambit seems to exist you're almost certainly not the first person to have come up with it, and there's a reason it hasn't already taken off.
Other commenters have already explained it to you. Reviewing existing knowledge on popular topics will often save you time and increase the enjoyment of participating.
So clearly you're here just to call me out, so it's funny you should bring up time saving.
Other commenters on my comment have not provided a good reason. Like I said, I walk through customs and passport control with my phone in my hand all the time (20 or so trips per year) and could easily click this button the instant something unusual happens.
The area you are frog marched into is strictly no devices allowed, if they see you with any electronics in your hand you will be pounced upon. This is very obviously because people try to destroy evidence they have on their devices once they discover they are screwed.
Nah, I'm sayin the area leading up to passport control or in the baggage claim area. I realize once you're sure something sketchy is happening, there's no actions left to take anymore. I pretty much have my phone out and in my left hand 100% of the time I'm in airports/planes, so nothing suspicious about right as someone's coming up to you or right as you walk up to a CBP officer you just tap a button.
They claim to be device free, but yet everyone has their phones out texting and doing email as they wait in line. I've never seen a border agent even say anything, much less march someone away.
As long as you aren't taking pictures of the procedures they don't really care.
The waiting line for immigration/customs is not the area I'm talking about, this area is where you go once you fail the initial screening. In some international airports like Sydney you will receive a $300 on the spot fine if you have your phone in your hand, they're serious about it.
Australia does have some outrageous laws, so I suppose they want you not to be destroying the things that are governed by those laws on your phone. But I'd rather take the fine than have them find out, if I had such things.
They can detain me indefinitely if they want, I will never give my pin to border security. I'm not going to bend to this bullshit by not carrying a phone.
It's easy to say that now. When the pressure's actually on and a person now has things at stake, priorities can change, and yielding starts to look like the eminently sensible thing to do.
I suspect your tune may change when you find yourself in indefinite detention, have missed your connecting flight, and your family/friend/spouse/boss has called said phone and been told by CBP that you're refusing to comply with an investigation.
Seems to me Apple and Google should be working on "roaming profiles." You can reset your phone to factory settings, or even get a rental phone at your destination, and then quickly restore it from your profile. After all it's the data you're interested in, not the device per se.
Also, carry multiple phones of the same model. I've been throwing my main phone anywhere besides in plain view and carrying a couple $5 Androids in my pockets instead when going thru TSA, better they try to search one of them than my main phone buried in my bag next to 2 others that look just like it.
"I don't bring my personal phone when traveling, because last time my 700$ iPhone was broken by stupid CBP agents" - that, or any reasonable excuse should work.
EDIT:
"I bring dumbphones when traveling because battery lasts two weeks, unlike iPhone"
"I heard that there are lot of thieves in the country I visited, so I was afraid to bring my real phone"
"I heard that airport X-ray machine can brick iPhone"
"I really like cheap, Chinese phones, they are so cute"
"iPhones are for hipsters, I prefer cheap, practical devices"
possibilities for excuse are endless. And, as the old rule goes, the stupider the excuse the better - if you can convince CBP agents that you are harmless idiot you win.
Why does anyone feel it's necessary to explain why they have the phone they have? There are plenty of people who use cheap phones, and not just as decoys. Why would they exist otherwise?
So it wouldn't be a problem, but if you carry a dumbphone, hand it over and then they search your luggage and find another phone, you'd be in deep trouble.
This is my main phone I use when crossing constitution-free zones.
> it's a felony to lie to a customs & border patrol officer
That makes me livid: "Oh, sorry, the constitutional laws (that apply to us) don't apply here, see it's not technically the US because reasons." [lies to officer] "FELONY!".
Why does that make you livid? Did you think you don't have to obey any laws simply because you're at a border? I guarantee you it's still a felony to murder someone there, so why would lying to a federal agent be any different?
Because the purpose of law is to protect people. The purpose of murder laws is to protect people from the act of murder. The purpose of constitutional law is to protect people from tyranny.
I don't understand what point you're trying to make. My point is that you can't reasonably claim that all laws go out the window just because some constitutional protections are suspended. Saying that it should be legal to lie to a federal agent under those circumstances is roughly equivalent to saying it should be legal to murder said federal agent under those circumstances (which is obviously not true).
The only other conclusion is that you think that the law against making false statements is somehow special and it alone should be thrown out under those circumstances. But there's no reason why that particular law should be special, so the much more straightforward assumption is that you think laws in general shouldn't apply in those circumstances.
"This is the phone owned by my employer for corporate use, I'd be glad to unlock it and you can look at corporate secrets all day, I don't care although I'll have to report the data breech to my employer. My personal phone doesn't have the hardware to work internationally and I don't pay for international service so its sitting on the shelf in my bedroom at home."
Remember they're not just dumping the contents for analysis, but also installing a rootkit, assuming the phone isn't already rooted, so once it leaves your presence or they plug anything into it, its no longer a trustworthy device.
Something I don't understand is the postal system is essentially wide open for transportation of drugs and stuff as per numerous dark web stories, so simply putting the phone in a box and mailing it would seem to reduce the chance of anyone in the .gov accessing it down to roughly 0% odds.
I'm convinced most of these stories are submarine marketing by big internet companies that have a wide open door to the NSA as most of the discussion revolves around the government not accessing your "private" Facebook activities where no such situation could possibly exist, so there's no point in not unlocking the phone. Ignore the man behind the curtain providing the NSA root privs on the server, the problem is individual officers gaining access to your CRUD app end user device LOL.
Given that the government already has all the data, the real battle is you are trying to appear to be an individual in their database and they'd like to know exactly who, which makes it about as nefarious as asking for your passport, and they know and understand that, so they freak if you won't give them access. As an analogy they know they have all the data on your drivers license and if you refuse to show them your drivers license that will make them extremely interested in why not, you claim you're j random hacker and you claim thats j random hackers drivers license and we have all the license data for j random hacker now why won't you show it, perhaps you have a fake ID for j random hacker or you're someone else trying to set up j random hacker or ...
"My main phone is SIM locked and I don't have international roaming on my plan, so there was no reason to carry it. I had to get a cheap phone so I could buy a SIM when traveling."
on a scale of 0-9, I'd put factory reset at about a 5. I'd wager there's still software out there that could do a raw read of the SD storage device's blocks. Unless Apple and friends have the device reset go to extra measures that tell the drive (at the chip-level, not the OS) "report all zeros" when read from, I think to increase your safety to "level 9" you should overwrite the disk by copying a large file several times until all the free space is consumed. Even then, flash drives have more physical storage than they report, but accessing those blocks would be pressing the edge of whats practical except in the most exigent situations.
Edit: I didn't realize virtually all phones' storage is encrypted nowadays.
All Apple devices are AES encrypted with a combination of a key on flash in the CPU, and a unique static key in the CPU core. "Erasing" the phone just removes the key, rendering the bulk flash storage completely useless. There's never any data stored which is not encrypted.
"Next programmer bro who explains his clever travel information security hack has to change his name to Mohamed Hussein Ali and try it at LAX"
https://twitter.com/thegrugq/status/831316334973579264